<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<meta name="keywords" content="SecuLution online documentation, web online help, web help" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<link rel=stylesheet href="default.css" type="text/css" /><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

 <TITLE>SecuLution Dokumentation - Agent deployment (RemoteClientManagement)</TITLE>
<STYLE type="text/css">
.t0i { font-family: Tahoma, Verdana; font-size: 11px; color: #000000; text-decoration: none } 
  .i0tab { border: 0; border-collapse: collapse; }
  .i0ind { border: 0; Height: 16px }
</STYLE>
</HEAD>
<BODY bgcolor="white" style="margin: 0; border: none; padding: 0px">
<!-- !chm2web! -->
   
<TABLE bgcolor="white" width="100%" border="0" cellpadding="3">
 <TR>
  <TD align="left" width="100" nowrap>
   <a href="http://www.seculution.com" target="_top">Home</a> &nbsp;&nbsp;
  </TD>
  <TD align="center"  nowrap>
   <b><font size="3pt" color="black">SecuLution Dokumentation</font></b>
  </TD>
  <TD align="right" width="120" nowrap>
   <a href="usb_device_encryption.htm">back</a>
   <a href="arpwatch.htm">next</a>
  </TD>
 </TR>
</TABLE>
<TABLE width="100%" border="1" cellpadding="5">
<TR valign="top">
  <TD width="200" bgcolor="white" nowrap><table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="welcome.htm" ><span      >Welcome</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="principle.htm" ><span      >SecuLution technique and terminology</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Quick start</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="quickstart_test_setup.htm" ><span      >Test setup in 30 minutes</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="best_practice_everyday.htm" ><span      >Best practice in everyday use</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="quickstart_full_setup.htm" ><span      >Full setup and deployment in 5 hours</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Installation of components</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="server_appliance_installation.htm" ><span      >Install Appliance</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="adminwizard_installation.htm" ><span      >AdminWizard installation</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="agent_installation.htm" ><span      >Agent installation</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="syslog_server_installation.htm" ><span       >Syslog server installation</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Initial configuration tasks</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="configure_basic_settings.htm" ><span       >Configure basic settings</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="configuration_agent.htm" ><span       >Agent configuration</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="schedule_tasks.htm" ><span       >Configure automated tasks</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Manage whitelist</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Initial whitelist generation</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="import_trusted_applications.htm" ><span       >Import trustworthy software</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="lernmode.htm" ><span       >Learn mode</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="check_deployment.htm" ><span       >Check deployment and learning progress</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="audit.htm" ><span       >Audit</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Add entries to whitelist</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="dragndrop.htm" ><span       >Drag'n'drop</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="individual_lernmode.htm" ><span       >Individual lernmode</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="import_from_directory.htm" ><span       >Import from directory</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="plu.htm" ><span       >PermanentLernUser</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="log_alarms.htm" ><span       >Log alarms</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Cleanup whitelist</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="manually_delete_orphaned.htm" ><span       >Manually delete unused entries</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="delete_from_pattern.htm" ><span       >Delete entries using a pattern</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="ruleset.htm" ><span       >Clean up classifications</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Actions</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="actions.htm" ><span       >Actions</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="45" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="valid_for.htm" ><span       >Referring rules to objects</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Offline mode</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="offline_mode.htm" ><span       >Offline mode</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Devices</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="usb_device_management.htm" ><span       >USB device management</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="usb_device_encryption.htm" ><span       >USB device encryption</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>RCM</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="setup_rcm.htm" ><span class="chitemsel" >Agent deployment (RemoteClientManagement)</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>ArpWatch</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="arpwatch.htm" ><span       >ArpWatch</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/1.gif" alt=""></td><td align=left>
<b>Logs</b></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="30" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="logs.htm" ><span       >Logs</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="faq.htm" ><span       >FAQ</span></a></td>
</tr></table>

<table class="i0tab"><tr class="t0i">
  <td width="15" valign="top" align="right" nowrap>
<img class="i0ind" src="files/11.gif" alt=""></td><td align=left>
<a href="setup.ini.htm" ><span       >setup.ini</span></a></td>
</tr></table></TD>
  <TD bgcolor="white">
  
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<h1>Agent deployment (RemoteClientManagement)</h1>

<ul>
<li><a href="#configure">Configure RCM</a>
</li>

<li><a href="#rcmupdate">RCM tools update</a>
</li>

<li><a href="#deploy">Deploy Agents using RCM</a>
</li>

<li><a href="#details">Details about how RCM works internally</a>
</li>
</ul>

<hr>

<h4><a id="configure" name="configure"></a>Configure RCM</h4>

<p>The feature "RemoteClientManagement" (RCM) enables automatic
deployment of SecuLution Agent software in your ActiveDirectory.
While you can use the SecuLution AdminWizard on any number of
computers, we recommend you use the RCM feature only on the
computer on which an administrator does his daily work.</p>

<p>System requirements for RCM:</p>

<ul>
<li>Microsoft ActiveDirectory</li>

<li>Dot Net Framework 4.5</li>
</ul>

<p>To setup RCM:</p>

<ul>
<li>Install the RCMWizard from the AdminWizard folder of your
SecuLution install-CD</li>

<li>(Re-) Start the AdminWizard</li>

<li>Select <strong>Extra &gt; Directories &gt; MS-Active-Directory
&gt; Start RCM Wizard</strong> from the menu</li>
</ul>

<p>The RCM Wizard will then guide you through the required steps.
Follow the on screen instructions.</p>
<img title="RCMWizard" alt="RCMWizard" src="i/000706.png"><br>

<hr>

<h4><a id="rcmupdate" name="RCMUpdate"></a>RCM tools update</h4>

<p>The feature "RemoteClientManagement" uses MS Active Directory
<a href="#details">group policy objects</a> to install the Agents
on computers of your choice. This can also be done manually but
SecuLutions RemoteClientManagement feature (RCM) sets everything up
for you. Until Windows XP the Microsoft Group Policy Management
Console (GPMC) was used. Since Windows Vista the GPMC is
discontinued. Therefore updating the SecuLution RCMTools is not
strictly required but it will make deployment of the Agent easier
when managing from a computer running Windows Vista or later.</p>

<p>To update the RCMTools:</p>

<ul>
<li>Install Microsofts <a target="_blank" href=
"http://www.microsoft.com/en-us/download/details.aspx?id=7887">RemoteServerAdministrationTools
(RSAT)</a></li>

<li>Install SecuLutions <a target="_blank" href=
"http://www.4ss.de/binaries/SecuSurfAdminWizard/RCM2-Update_current.exe">
RCMTools</a></li>

<li>Open path
"C:\ProgramData\SecuLutionAdminWizard\RemoteClientManagement\RCM"
in Windows Explorer</li>

<li>You may have to create two new directories "install" and
"uninstall"<br>
<img alt="" src="i/001079.png"></li>

<li>In directoy "install" the following files must be made
available. You'll find these on your SecuLution install-CD or on
the path you've yet been using for Agent deployment.<br>
<img alt="" src="i/001080.png"></li>

<li>In directoy "uninstall" the following file must be made
available. You'll find it on your SecuLution install-CD or on the
path you've yet been using for Agent deployment, too.<br>
<img alt="" src="i/001081.png"></li>

<li>Now (re-) start the SecuLution AdminWizard</li>

<li>Choose menu "Extra/Directories/MS-Active-Directory/Start RCM
Wizard"<br>
<img src="i/001083.png"></li>

<li>Now just follow the instructions on your screen. The RCM Wizard
will guide you through the setup process.<br></li>
</ul>

<hr>

<h4><a id="deploy" href="setup_rcm.htm#deploy" name="deploy">Deploy
Agents using RCM</a>
</h4>
To deploy Agents to computers in your ActiveDirectory, select the
RCM tab.<br>
You'll find four lists:<br>

<ul>
<li>Hosts not running the Agent</li>

<li>Hosts marked for Agent deployment</li>

<li>Hosts on which the Agent has been successfully deployed</li>

<li>Hosts marked for Agent uninstallation</li>
</ul>

<p>Just select one or more computer objects where the Agent should
be deployed, then click on the arrow to move these objects from one
list to another. Click apply to apply changes to the AD.</p>
<img title="deploy" alt="deploy" src="i/000711.png"><br>
<br>
Notes:<br>
Clicking on "apply" will change the computer's membership of
security groups inside the OU SecuLution. This will apply the GPO
object's security filtering. However, a computer only renews its
own membership of AD groups at the time a user logs into that
computer. Furthermore the GPO which is used for the installation of
the Agent configures the GPO setting "run these programs at user
login", which may not be immediately applied but in some cases
requires one more reboot. This results in the following effect:<br>

<ul>
<li>Day one: Admin uses RCM, group membership of computer changed
in AD but the computer does not yet know about this</li>

<li>Day two: Computer started, user logs in, computer detects new
group membership, GPO not yet applied</li>

<li>Day three: Computer started, user logs in, computer applies
GPO, Agent installation triggered, after successful installation
Computer is moved to the appropriate group in AD</li>

<li>Day four: Computer started, user logs in, computer detects new
group membership, GPO will not be applied any longer</li>
</ul>

<p>To avoid system messages on the user's screen, UAC is turned off
by the RCM's GPO for installation and uninstallation of the Agent.
This setting remains valid until the security filter for the GPO
applies.</p>
<br>

<hr>

<h4><a id="details" name="details"></a><a href=
"setup_rcm.htm#details">Details about how RCM works internally</a>
</h4>
RCM in detail:<br>
<br>
The RCMWizard verifies the following AD configuration and sets them
accordingly.<br>

<ul>
<li>A new OU SecuLution will be created in the root of your
AD.</li>

<li>New groups will be created in the OU SecuLution:</li>

<li style="list-style: none">
<ul>
<li>Hosts to install the Agent</li>

<li>Hosts to uninstall the Agent</li>

<li>Hosts running the Agent</li>
</ul>
</li>

<li>A user SSAdmin will be created and added to the group
Domain-Admins</li>

<li>A GPO "Agent Management" will be created and linked to the
domain root. This GPO</li>

<li style="list-style: none">
<ul>
<li>Turns UAC off temporarily</li>

<li>Configures "run these programs at user login"</li>
</ul>
</li>

<li>A security filtering for the GPO will be added so that the GPO
will be applied only to Computers which are members of the groups
"install" or "uninstall".</li>
</ul>
<img title="security-filtering" alt="security-filtering" src=
"i/000707.png"><br>
<br>
If the RCM does not work as expected, you can delete all OUs
(together with the users and groups contained therein) and GPOs
which are related to SecuLution and start the RCMWizard again. The
RCMWizard will then recreate and reconfigure all the required
objects. If the RCM still does not work, please manually change the
order in which GPOs are processed so that the SecuLution
AgentManagement GPO is applied first.<br>
<br>

<hr>
<br>

<p><br>
</p>
  </TD>
</TR>
</TABLE>
</BODY>
</HTML>
